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Abstract — In the last years, the adoption of active systems has 
increased in many fields of computer science, such as databases, 
sensor networks, and software engineering. These systems are 
able to automatically react to events, by collecting information 
from outside and internally generating new events. However, 
the collection of data is often hampered by uncertainty and 
vagueness that can arise from the imprecision of the monitoring 
infrastructure, unreliable data sources, and networks. The 
decision making mechanism used to produce a reaction is also 
imprecise, and cannot be evaluated in a crisp way. It depends 
on the evaluation of vague temporal constraints, which are 
expressed on the collected data by humans. Despite fuzzy logic 
has been mainly conceived as a mathematical abstraction to 
express vagueness, no attempt has been made to fuzzify the 
temporal modalities. Existing fuzzy languages do not allow 
us to represent temporal properties, such as "almost always" 
and "soon". Indeed, the semantics of existing fuzzy temporal 
operators is based on the idea of replacing classical connectives 
or propositions with their fuzzy counterparts. To overcome 
these limitations, we propose a temporal framework, FTL 
(Fuzzy-time Temporal Logic), to express vagueness on time. 
This framework formally defines a set of fuzzy temporal 
modalities, which can be customized by choosing a specific 
semantics for the connectives. The semantics of the language is 
sound, and the introduced modalities respect a set of expected 
mutual relations. We also prove that under the assumption that 
all events are crisp, FTL reduces to LTL. Finally, for some of 
the possible fuzzy interpretations of the connectives, we identify 
adequate sets of temporal operators, from which it is possible 
to derive all the others. 



I. Introduction 

In the last years, the adoption of active systems has 
increased in many fields of computer science. Active sys- 
tems must automatically react to achieve or maintain their 
requirements, depending on the information collected from 
the surrounding environment. Examples of such systems are 
active databases [l], active sensor networks ^, and smart 
grids |3|. For instance, smart grids may need to adjust the 
workload on the appliances (e.g., fridge, oven) available in 
a building to optimize energy consumption and costs. 

Event-driven architectures |4| are a common architectural 
paradigm to design active systems. This paradigm is based 
on the idea that the actions the system will perform are 
generated as a reaction to the events occurred inside and 
outside the system. In many cases, providing such active 



functionality requires to materialize the occurrence of other 
relevant events, according to a set of inference rules. These 
rules are generally defined by domain experts, and are 
formalized by designers. Domain experts must provide the 
set of basic events to be collected, which serve as input to 
the rules, their inter-relationships, and the parameters of the 
events for determining a new event materialization. 

However, the collection of data is often hampered by 
uncertainty and vagueness that can arise from the impreci- 
sion of the monitoring infrastructure, unreliable data sources, 
and networks. The inference rules that are used to produce 
a reaction are also imprecise. They often depend on the 
evaluation of untimed or temporal properties that are vague, 
since they are expressed by humans, and, for this reason, 
cannot be assessed in a crisp way. For example, a smart 
grid must satisfy the following property: "all appliances 
must be available almost always". This rule is vague since 
the concept of availability cannot be precisely assessed, 
because it may depend on the perception of the customers. 
The temporal period ("almost always"), during which the 
availability property must be satisfied, is vague as well. For 
these reasons, it becomes fundamental to identify a suitable 
formalism to represent vague properties as suitable untimed 
or temporal formulae. 

Fuzzy logic has been conceived as a mathematical ab- 
straction to express vagueness in the satisfaction of formu- 
lae. While the propositional fuzzy logic has been deeply 
investigated, the fuzzy version of the temporal modaUties 
has been often neglected. Few attempts f5l, f6l, fTl, fSl, 111 
to manage time have been made, but all these approaches 
just focus on the uncertainty of the information and do not 
take into account the truth degree of temporal expressions. 
The semantics of existing fuzzy temporal operators is based 
on the idea of replacing classical connectives or propositions 
with their fuzzy counterparts. Existing fuzzy languages do 
not allow us to represent additional temporal properties, such 
as "almost always", "soon". This kind of modalities may be 
useful when we need to specify situations when a formula 
is slightly satisfied, since an event happens a little bit later 
than expected, when a property is always satisfied except 
for a small set of time instants, or a property is maintained 
for a time interval which is slightly smaller than the one 



requested. 

To overcome these limitations, we propose a temporal 
framework, FTL (Fuzzy-time Temporal Logic), to express 
vagueness on time. This framework formally defines a set 
of fuzzy temporal modalities, which can be customized 
by choosing a specific semantics for the connectives. The 
semantics of the language is sound, and the introduced 
modalities respect a set of expected mutual relations. We 
also prove that under the assumption that all events are crisp, 
FTL reduces to LTL. Finally, for some of the possible fuzzy 
interpretations of the connectives, we identify an adequate 
set of temporal operators, from which it is possible to derive 
all the others. 

The paper is organized as follows. Section III] discusses 
some related work. Section [III] provides some background 
knowledge about fuzzy logic and points out its differ- 
ences w.rt. probability theory. Section [IV] presents the FTL 
framework, by illustrating some interesting properties of the 
operators it introduces. Section W\ identifies an adequate 
set of connectives for some classical interpretations of the 
connectives. Note that proofs of propositions are given in a 
sketch form, and minor details are left to the reader. Section 
VI provides some example of possible FTL specifications 



in the context of smart grids, and Section VII concludes the 
paper. 

II. Related Work 

In computer science, fuzzy logic has been mainly used 
to represent the uncertainty due to the unpredictability of 
the environment or the imprecision of the measurements. 
Many attempts ||6l, ||5l have been made to use fuzzy logic 
to monitor the satisfaction of temporal properties of the 
system and/or the environment. For example, Lamine and 
Kabanza ||6l add, for each classic temporal operator (e.g., 
always, eventually, until, etc.), a corresponding fuzzy tem- 
poral one. This operator keeps the same semantics of its 
crisp counterpart, with the only difference that the Boolean 
connectives (not, and, or) are replaced with the correspond- 
ing operations in the Zadeh interpretation (see operations 
associated respectively with negation, t-norm and t-conorm 
in Table [ll|. The authors evaluate a fuzzy proposition over a 
history (i.e., a sequence of states) and associate a weight with 
the evaluation made at each state. The weights and the extent 
to which the history is needed to evaluate a proposition 
are defined empirically, depending on the application and 
the properties expressed by the proposition itself. Similarly, 
Thiele and Kalenka |5| define a fuzzy "interpretation" of the 
traditional temporal operators. They also introduce proper 
fuzzy temporal operators to represent the short or long 
time distance in which a specific property must be satisfied 
(in the future or in the past). Despite the aforementioned 
approaches are a first step towards the fuzzyfication of time, 
they do not associate a specific fuzzy semantics with the 
temporal modalities. Instead, temporal modalities have a 



fuzzy semantics only depending on the interpretation given 
to their (sub-)argument, which is an untimed fuzzy formula. 

Other works |7 1, |8|, [9J have a slightly different objective. 
They use fuzzy temporal logic to express uncertainty about 
the time in which some specific events may occur and the 
temporal relationships among events and states. Dutta Q 
defines the occurrence of an event as the possibility of 
its occurrence in any time interval. This way the authors 
can evaluate a set of temporal relations between a pair 
of events: if an event precedes/follows another one, the 
degree an event overlaps another one, or whether an event 
immediately follows another one. Similarly, Dubois and 
Prade H) represent dates as a possibility distribution. Hence, 
it is possible to express different situations: whether a date 
is precisely known or not (i.e., it is within an interval), 
whether a date is fuzzily known (i.e., the interval boundaries 
that contain the date are not clearly known), or whether 
a date is attached to an event that may not occur. From 
this representation the authors use fuzzy sets to represent 
time points that are possibly/necessarily after or before a 
date, and use fuzzy comparators to express relations between 
time instants. Finally, Moon et al. ^ do not consider 
uncertainty on the time instants, but fuzzify temporal events 
and states and define an order relation among events and 
states, represented as a directed graph. 

In requirements engineering fuzzy logic has been adopted 
to perform tradeoff analysis [lOJ among conflicting func- 
tional requirements. In particular, aggregation functions are 
used to combine correlated requirements into high-level 
ones. Fuzzy logic has been also exploited to express uncer- 
tain requirements ifTTl . lfT2]| . lfT3l . Liu et al. ifTTl introduce a 
methodology to elicit non-functional requirements through 
fuzzy membership functions that allow one to represent 
the uncertainty about the human perception. RELAX lfT2ll 
is a notation to express uncertain requirements, whose 
assessment is affected by the imprecision of measurement. 
Finally, FLAGS ifTSi extends traditional LTL by adding 
new operators to represent transient/small violations in the 
temporal domain. Its main purpose is providing a notion of 
satisfaction level of requirements in the temporal domain. 
In particular, the authors use this approach to tolerate small 
deviations of the satisfaction of the requirements during or 
within a temporal interval. Despite the purpose of FLAGS 
is similar to our approach, the syntax and the semantics of 
the FLAGS language are not formally described, and the 
relations among temporal operators are not even provided. 

III. Background 

This section provides a general definition of fuzzy logic, 
and points out the differences between a fuzzy and a prob- 
abilistic approach for the evaluation of temporal properties. 
Finally, the section introduces the formalism proposed in ||6l 
and discusses its limitations. 



A. General formalization of fuzzy logic 

The term "fuzzy" has been explicitly used for the first 
time in Zadeh's seminal work |14| about fuzzy sets, where 
he presented the theory of classes with unsharp boundaries. 
In this work, the logical formalism of fuzzy sets shares the 
same syntax of Propositional Logic (PL), but its formulae 
may have a truth value comprised between and L Con- 
junction and disjunction are interpreted as min and max 
operations, respectively. 

As Zadeh pointed out LISJ . two main directions in fuzzy 
logic have to be distinguished. In a broad sense, fuzzy logic 
has been used to support fuzzy control and to express the 
vagueness of natural languages, without demonstrating its 
formal properties. In a narrow sense, "fuzzy logic is a logical 
system which is an extension of multivalued logic and is 
intended to serve as a logic of approximate reasoning". In 
this paper, we use the term "fuzzy logic" to refer both to 
the Zadeh Logic |14| (which in computer science it is often 
called "Fuzzy Logic") and each continuous t-norm fuzzy 
logic [ 16|. Despite the Zadeh Logic has been heavily applied 
in soft computing, it has no strong logical characterization. 
Instead, for t-norm fuzzy logics, it is often possible to 
provide an axiomatization and some completeness results. 

We conceive a fuzzy logic as a many- valued logic ifTTl . 
whose formulae may have a truth value comprised between 
and 1 and the semantics of the connectives satisfies some 
monotonicity laws. The semantics of a fuzzy logic must 
also be coherent with PL, which means that fuzzy logic 
and PL must share the same syntax, fuzzy logic must 
reduce to PL when all predicates assume value or 1, 
and conjunction and disjunction must be commutative and 
associative connectives. The semantics of the conjunction 
(A), disjunction (V), negation (^), and implication (=>), is 
inferred by considering respectively a continuous t-norm 
((8)) lITSl . its associated t-conorm (0), a negation function 
(G), and an implication function (©). In the case of a t- 
norm fuzzy logic, the negation is the pseudo-complement 
(i.e., Qa = niax{/3 G [0, 1] | a ® P ^ 0}), while the 
implication function becomes the residuum of the t-norm 
(i.e., a© fi — max{7 e [0, 1] \ a® ^ < 7}). In the rest of 
the paper we will refer to these functions as the interpretation 
of connectives. Note also that the family of (continuous) t- 
norm fuzzy logics is infinite, as demonstrated by the infinite 
class of Dubois-Prade |fT9l and the Yager 1201 t-norms and 
t-conorms. 

Table [I] summarizes some useful properties of the con- 
nectives of a fuzzy logic, while Table |ll] provides the 
interpretation of these connectives for the Zadeh Logic and 
three other well-known t-norm fuzzy logics. 

Once identified an interpretation of the connectives, the 
evaluation of a (fuzzy) formula can be represented as a 
function Vi from the set of well-formed formulae to [0, 1], 
which extends the interpretation i : AP — > [0,1] used to 



evaluate an atomic proposition in AP. 

The following proposition describes some well-known 
properties of t-norms and t-conorms. 

Proposition 1. Let ® be a t-norm and Q be a t-conorm, 

a,l3 e [0,1], and d+,d^ : [0,1]^ -^ {0,1} be the drastic 
sum and the drastic product defined respectively by: 

d+{a,(3) = l^a + /3 > 0, 
d^(a,/3) = l^a-;3= 1. 

Then 

maxja,/?} < a ® /3 < d+(a, /3), 
d^ (a, /3) < a (Ki /3 < min{a, /3}. 

For a continuous t-norm it is possible to define two 
connectives called lattice (or weak) conjunction (A™), and 
lattice disjunction (V*"). The semantics of these connectives 
is given by: 

pA^q = pA{p^q), 

pW'^q={{p^q)^ q) A"' ({q ^ p) ^ p). 

Nevertheless, they reduce respectively to the max and min 
operations, as stated in the following well-known proposi- 
tion. 

Proposition 2. Let PaiPp G AP such that i{pa) = ol, and 
i{pp) = l3, then, for each continuous t-norm: 

Vripa A*" pp) = max{a, /3}, 
v^(pa V^' pfj) = min{a, /3}. 

B. Fuzzy Logic and Probability 

Fuzzy logic and probability have been usually conceived 
as similar disciplines. However, the nature of fuzzy logic 
and probability are totally different both on the ontological 
and epistemological level. These disciplines deal with two 
different topics. Probability focuses on observable events 
whose occurrence is uncertain, while fuzzy logic deals with 
vague events that cannot be clearly assessed. 

For example, the statement "tomorrow there will be a 
power outage" is uncertain, since it is not possible to know 
the truth value of the formula. However, by applying the 
probability theory (e.g., by analyzing the frequency of power 
outages during the last month), it is possible to state that, for 
example, the probability that the aforementioned statement 
will be true is 3.8%. Still, when a direct observation can be 
performed (i.e., tomorrow), it is possible to assess whether 
an outage took place or not and, indeed, the probability value 
can collapse either to or 1. 

Instead, the statement "tomorrow the number of power 
outages will be low" is not tractable from a probabilistic 
point of view, because the nature of the event itself is not 
clearly measurable, since the concept of "low" has not been 
defined in a observable way. In this case, we are not facing 
the problem of uncertainty of an event, but the vagueness 
of its definition. Indeed, assigning the truth degree of 0.038 



Table I 
Properties of the interpretations of connectives. 



1 boundary value commutativity | associativity | monotonicity 


negation 


00 = 1 

01 = 


- 


- 


a < /3 => 0a > 0^9 



000 = 
a 1 = « 



yes 



yes 



/3>7=>a0/3>o07 
Cf /3 < a 



O0O = a 
a© 1 = 1 



yes 



yes 



/3>7=>a©/3>o©7 
a® B> a 



implication 



1©I3 = I3 
i/3 = a© 1 = 
a© = ©a 



Q</3=>o©7>/3©7 

/3<7=>a©/3<o©7 

a © ,9 > max{©a, /3} 



Table II 
Some interpretation for connectives. 





Zadeh |14| 


Godel-Dummett ISTl 


Lukasiewicz |17| 


Product 1 22 1 


©a 


1-Q 


J 1, a = 
\ 0, a>0 


1-a 


r 1, = 
\ 0, o > 


O0/3 


min{a, /3} 


min{a,/3} 


max{a + ,3- 1,0} 


0./3 


O0/3 


max{a,/3} 


max{o, /?} 


min{o + /3, 1} 


a + /3- 0-/3 



o © /3 max{l — o,/9} 



a < /3 



min{l - a + /3, 1} 



1, a < /3 

/3/q, a>(3 



to the aforementioned statement means that tomorrow the 
smart grid will face a "high number of outages". Even a 
direct observation of the number of outages will not cause 
this value to collapse to or 1. 

C. Fuzzy Linear-time Temporal Logic 

This section briefly describes FLTL (Fuzzy Linear-time 
Temporal Logic) |6|, which is an extension of Zadeh Logic 
with temporal operators. FLTL has the same syntax of LTL. 
In particular, let $ be the set of well formed formulae and 
AP the set of propositional letters, then (/3 e $ if and only 
if 

ip := p\ ^Lp \ ip /\ Lp \ Xl^ I Glf I (/3Uly9, 

where p e AP. The semantics of a formula G $ is defined 
w.r.t. a linear time structure -n^ — {S, Wq, w, L), where S is 
a set of states, wq is the initial state, w G wqS'^ is an infinite 
path, and L : S* — > [0, 1] is a/wzzj labeling function. The 
evaluation v{<p,w^) of a formula (^ S $ along the path w 
from the i-th instant is a real number in [0, 1] recursively 
defined by: 

v(jp,w') = L{w,){p), 

v(^ip,w^) = 1 — v{p,w^), 

v{ip A Ip, w') = m.m{v{ip, w*), w(-0, w*)}, 

v{'X-ip,w'') = v{(p,w'^~^^), 

v{G(p, w*) = min{w((p, w*), v{Gip, w*+^)}, 

v{ipTJ'ip, w'') — 

iB.a.x{v{ip, w^),min{v{(p, w*), v{(plJ^p, w''^^)}}. 



It is easy to see that FLTL extends LTL in the sense that 
if for all s e 5 and p e AP is L{s){p) S {0,1}, then 
v{(p,w^) — I <=> w'^ \^ ip. 

Note that FLTL cannot represent the vagueness in the 
temporal dimension. Fuzzyfication just addresses Boolean 
connectives and keeps a crisp semantics for the time (al- 
ways/never). For example, when we evaluate the "globally" 
(always) operator, it may not be suitable to consider the 
minimum truth value encountered. For instance, this seman- 
tics does not allow us to tolerate transient violations that 
take place for a few number of times compared to a long 
time interval. For example, if we want to assess the truth 
of the statement "this week no power outage happened", 
we must consider that even one power outage is enough 
to negatively affect the truth value of this formula, and we 
cannot tolerate a few power outages. Furthermore, even if 
this semantics allows us to express statements about the 
future, such as "tomorrow power outages will take place", 
we cannot express statements, such as "soon a power outage 
will happen". 

For these reasons, the language we propose in this paper, 
although partially inspired by FLTL, introduces a completely 
new approach to the fuzzifycation of the temporal domain. 



IV. FTL: Fuzzy-time Temporal Logic 

In this section we describe the syntax and semantics of 
FTL, which is our fuzzy-time temporal logic. 



A. Syntax 

FTL extends LTL in order to deal with fuzzyness on 
time. Let AP be a numerable set of atomic propositions, 
^, A, V, => be the (fuzzy) connectives, and O and T be the 
sets of unary and binary (fuzzy) temporal modalities. Then, 
(f belongs to the set $ of well-formed FTL formulae (from 
now on, simply formulae) if it is defined as follows; 

If ■.= p\^ (p\ip - v\Oip\ ipTip, 

where p e AP, ^ is a binary connective, O G O, and 
T E T. As unary operators we consider X (next). Soon 
(soon), T (eventually), Tt (eventually in the next t instants), 
Q (always), Qt (always in the next t instants), AG (almost 
always), AGt (almost always in the next t instants), £t (lasts 
t instants), Wt (within t instants), where t E N. Binary 
operators are U (until), Ut (bounded until), A14 (almost 
until), and AUt (bounded almost until). We admit the use of 
X^{-) as a shorthand for j applications of X. For example, 
A'^(-) = X{X{-)). Conventionally we also set X^ip = ip. 
From now on, operators Soon, AG, AGt, ^t, Wt, ALl, and 
AUt will be indicated as "almost" operators. 

B. Semantics 

The semantics of a formula ip is defined w.rt. a linear time 
structure {S, sq, it, L), where S is the set of states, Sq is the 
initial state, tt is an infinite path tt — sqSi • • • £ S'^, and 
i : 5 — > [0, l]'^^ is the (fuzzy) labeling function that assigns 
to each state an evaluation for each atomic proposition in 
AP. tt' indicates the suffix of tt, by starting from the i-th 
position and s* is the first state of tt'. Besides, we adopt an 
avoiding function 77 : Z — >■ [0, 1]. We assume that ri{i) — 1 
for all i < 0, and n,, G N exists such that rj is strictly 
decreasing in {0, . . . ,n^} and 77(71') = for all n' > riji. 
Function ry expresses the penalization assigned to the number 
of events we want to ignore in evaluating the truth degree of 
a formula that contains an "almost" operator. For example, 
we interpret the formula "almost always p" as "always p 
except for a small number of cases", and we penalize the 
evaluation of the formula according to the number of avoided 
events. Hence, the evaluation of a formula that contains 
the operator AG realizes a tradeoff between the number of 
avoided events, and the penalization assigned to this number. 

Since we are dealing with a multi-valued logic, it makes 
no sense to define a crisp satisfiability relation. Instead, to 
define the semantics of a formula (p along a path, we express 
a fuzzy satisfiability relation as ^ C S'^ x F x[0,l], where 
{tt \= If) = 1^ E [0,1] means that the truth degree of (p 
along TT is i'. We say that two formulae ip and 7/; in $ are 
logically equivalent, in symbols ip = tp, if, and only if, 
(tt 1= (p) = (tt 1= 7/)) for each linear time structure, and for 
each avoiding function. 

The truth degree of a formula is defined, as usual, re- 
cursively on its structure. Let p E AP and tt* be a path. 



then: 

(tt' 1= ^p) ^eiTT-^p,), 

{tt' 1= yj a 7/;) = (tt* h ^) ® (^' h ^), 

{tt' 1= (/. ^ tA) = {tt' h ^) ® {^' h ^), 

where p E AP, i E N, and Q,(g),0,© are the operations, 
between real numbers, defining the chosen semantics of the 
connectives (^, A, V,=>). 

We are now able to introduce the semantics of FTL 
temporal operators. 

Next: Operator "next" (X) has the same semantics of its 
corresponding LTL operator X: 

{tt' 1= Xp) = (TT^+l h ^)- 

Soon: Operator "soon" (Soon) extends the semantics of 
the "next" operator, by tolerating at most n,f time instants 
of delay. In other words, the greater the number of tolerated 
instants, the greater the penalization will be. 



i+n,, 



{tt' ^ Soonip) = (tt^ h ¥') ■ '7(j 



!)■ 



Proposition 3. From the monotonicity of the t-conorm © 
(see Table [^ it naturally follows that 

{tt' \= Xp}) < {tt' \=Soonip). 

Eventually: Operator "eventually" (J^) and its bounded 
version (J^t) also maintain the same semantics of their 
corresponding LTL operator F. Namely, 

i+t 



3=1 



{tt' h -F^) = 0(7r^' h ^) = , lim i^' H J't^)- 



t— f+00 



First, observe that for Tt the equivalences Tqp = p and 
Tt'P = <p V XTt-i^ hold, for < > 0. The semantics of T 
requires a passage to the limit, whose existence is ensured 
by the fact that the sequence {tt' |= J-t'p)tefi is increasing, 
as the t-conorm is monotonic. These facts are summarized 
in the following proposition. 

Proposition 4. For all (p E F and t < t' : 

{it' h V) < i^' h ^fp) < {tt' h ^t'ip) < (tt^ h ^^)- 

Within: Operator "within" (Wt) is inherently bounded, 
and its semantics is defined by 

i+i+n,, — 1 

(^^^n;,^)= {n^l^^).r^{j-t-z). 

3=i 

Formula WtP states that subformula p is supposed to hold 
in at least one of the next t instant or, possibly, in the next 



t + n.fj. In the last case we apply a penalization for each 
instant after the t-th. 

Proposition 5. The semantics of operator Wt can be ex- 
pressed by only using operators X and Soon. More formally, 
for all If e F and t G N°; 

t+i 



Wtv? = ^Ftip V X'+' Soon tp 



and 



yVo<y5 — Soon If. 

Corollary 6. For all if £ F and t e N 

(tt' \= Wtf) > {n' l^Ftf), 
lim (tt^ \=Wtf)^ (tt* ^Ff). 

i— >-+oo 

Proof: The first property follows immediately from the 
previous proposition. For the second property, observe that 
(tt' \= Fn )<f > (tt' 1= Soonip), and then actually 

and applying the squeeze theorem we have the thesis. ■ 
Always: Operator "always" (Q) and its bounded version 
(Gt) extend the semantics of their corresponding LTL oper- 
ator G. Namely, 

i+t 
j=i 

(tt^ 1= g^) = (g)(^^' h ¥>) = , lim (tt' h GtV>)- 

As for Ft, observe that for Qt the equivalences Qoip = (p 
and Qtf = ip A XQt-ip> hold, for t > 0. Similarly to F, 
the semantics of Q also requires a passage to the limit, 
whose existence is ensured by the fact that the sequence 
(tt' \= Qtf)t&i is decreasing, as the t-norm (g) is monotonic 
(see Table [III. These facts are summarized in the following 
proposition. 

Proposition 7. For all p £ F and t < t': 

{7T'^gf)<{7r'^gtp)<(7r'^gt>ip) 

< in' h Go^) = in' h V)- 

From propositions [3j [5] and It] we can immediately obtain 
the following corollary. 

Corollary 8. For all cp e F and t, t' G N." 

in' h QV) < in' h ^^), 
in^^gt^)<i7r'^Ft'p), 



Almost always: Operator "almost always" (Ag) and its 
bounded version (Agt) allow us to evaluate a property over 
the path 7r% by avoiding at most n,-i evaluations of this 
property, and, at the same time, introducing a penalization 
for each avoided case. Let It be the initial segment of N of 
length t + 1, i.e.. It = {0,1,..., t}, and V'^ih) the set of 
subsets of It of cardinality k, then 



(tt* 1= Agt P>) = max max (X) (tt 

iTT'\^Agp)= lim (TT^i^Agt^p). 



i+h 



v) -vij), 



As we will see later, the sequence (tt* |= Agt p^)teti is 
not monotonic. Nevertheless, we can still prove that the 
semantics of Ag is well-defined. 

Proposition 9. Given p £ F, it is possible to recursively 
define n propositional letters po, . . . ,p„-i, such that 

ii:' ^ Ag p) = mi,^ {gpr Vij)} ■ (1) 

Proof: Let define po as: 

VzeN, {tt' \= Po) ^ in' ^ p). 

Then, for all < ttt- < n^, we recursively obtain p,,„ from 
Pm-i in the following way. Let hm be the minimum in 
NU{oo}, such that for all fc e N, (tt'' |= p,„) < (tt'' |= p,„). 
Then, let set 



(ttJ 1= p„j) = (tt^ 1= Pm-i), j < h; 

(tT-J 1= p,n) = (tT^ + I 1= _Pm_i), j > h. 



Hence, for all t > j 

(tt" \= gt-jPj) < max 

Hev'-Hit) 



)in'+''^p). 



heH 



The first term corresponds to choose H — It\ {hi , . . . ,hj}. 
The converse inequality also holds, since it derives from the 
monotonicity of the operation (g). Then, passing to the limit 

lim (tt' |== Agt p) = ^ lim nisx.{gt-jPj ■ vij)} 

= max {gp J -ijij)}, 

and, indeed, we have the thesis. ■ 

Note that the maximum in the definition above can be 
expressed in each fuzzy logic we are considering. Indeed, 
in the Zadeh Logic the maximum is simply the (standard) V, 
and in a t-norm fuzzy logic it is the lattice disjunction V™. 
We decide to use the maximum to find the best matching 
between the number of avoided cases, and the penalization 
due to 77. Indeed, if we define the semantics of Ag via the 
(strong) disjunction as 



in'\-Agtp) = ^ 



l(^"+'h^)-'?(j) 



j=0 H<^V*-i{It) hGH 



Table III 
Example of definition of a predicate p and an avoiding 

FUNCTION r]. 






0.1 

1 



0.2 
0.5 



1 

0.3 



0.1 




■^GsP) — 0.06, and the sequence (tt* |= AGtP)teN is not 
mono tonic. 

Lasts: Operator "lasts" (Ct) is bounded, and expresses 
a property that lasts for t consecutive instants from now, 
possibly avoiding some event at the end of the considered 
time interval. The semantics of this operator is defined as 
follows: 



and consider the Lukasiewicz's interpretation for the con- 
nective V, then a formula AG P will often evaluated to 1 
due to the high number of considered cases, and (almost) 
independently from the evaluations of p. 

In the following proposition we show how to reduce the 
complexity of the evaluation of operator AG, by exploiting 
the monotonicity of the t-conorm. 

Proposition 10. It is possible to evaluate tlie truth de- 
gree of formula AGtP by performing 0(n^(log(t) + 1)) 
comparisons, 0(t) applications of the norm ®, and 0{nrj) 
multiplications. 

Proof: We consider the same technique applied in the 
proof of Proposition [9] Let {ak)k<n be a finite sequence 
of indices such that V/c < n, ak < t, and \/h < k < n, 

(tt'^" \^p) < (tt'"'' ^ p), then 



(tt* 1= AGt p) = max ■ 



W^'hp)-ri{3) 



^h ^ { a 1 ..... a J } 

h < 7^■,^ 



max i (tt* ^Gtp), 

l<J<ni7 



(^*+"hP)-^(j) 



h ^ {ai, . 
h < 



.,aj} 



(2) 



Finding the indices at requires at most 0(?i^log(i)) com- 
parisons (for example applying the heapsort algorithm), and 
extra 0{n,-i) comparisons are used to evaluate the maximum. 
0{t) applications of are needed, observing that the 
operation is associative, and, indeed, the value obtained 
at one step can be used for calculating the value for the 
following step. ■ 

From (J2]i, we also have the following corollary. 

Corollary 11. For all ip e F and t e N.- 

[^'^AGt^)>{T^'hQM, 
{tt' ^ AG v) > {ir' hM- 

Observe that in general it is not possible to establish a 
priori which inequality holds between (tt* |= AGt f) and 
(tt* 1= AGt' f), with t 7^ t', as this also depends on function 
7]. For example, let us consider a predicate p together with 
an avoiding function 77, whose behaviors are described in 
Table |III1 

If we consider the Zadeh interpretation of connectives, 
then {tt° ^ AGip) = 0.1, {t:° h AG2P) = 0.3, and (tt" ^ 



(tt* h ^tf) = ^ ^ max Un' |= Gt^j^) ■ vU)}- 

0<j<inin{t,n^ — 1} 

Proposition 12. Let ip G F and i S N, then the sequence 
(tt* 1= Ltf)te¥i is decreasing, and its limit is (tt* |= G^)- 
Moreover, the following inequalities hold: 

{tt' h Gtv) < i^' h ^tv) < {^' h -AGt f). 

Proof: The fact that the sequence (tt* |= Ct'p)tefi is 
decreasing follows immediately from the definition and from 
Proposition [7] Moreover, again from definition 

{tt' h Gt^) < {it' h ^tV) < i^' h Gt-n.f), 

and then passing to the limit the first part follows. The 
inequality (tt' |= Ct'p) < (tt* |= AGt 'p) is a direct 



consequence of Proposition 10 



Until: The semantics of operator "until" (U) and its 
bounded version iUt) naturally extends the one assigned to 
the corresponding LTL operator U, for t > 0: 

(tt* h f^t V') = max ((tt^' \^ ^) ® (tt' |= Gj-M) , 

i<j<i-\-t 

{7:'^ipUij)= lim (tt* hf^WtV), 

Analogously to AG, the maximum is used to find the best 
matching between the evaluation of tp and ip. 

Proposition 13. The semantics of operator U is well- 
defined. Moreover, (tt* |= (pW V') < (tt* (= -T^V')- 

Proof: For the first part, it suffices to prove that the 
sequence (vr' |= (pUt'4')t£N is increasing. This is obvious 
as, for all t > 0: 

{it' l^ipUt^) 

For the second part, let p e AP such that Vj > i, (tt-' |= 
p) = 1. Then (tt* |= (pUip) < (tt* 1= pUi/j), and from 
Proposition [T] we have 

(tt* ^(^WV) < (tt* hP^V") =max(7rJ' h V") < (tt* h-^V')- 



In particular, for all t e N, we can write 

{tt' h V^) = (tt" 1= vU„i^)< in' ^^Ut^) 
< in' ^ipUip) < (tt' h-^V')- 



(3) 



Almost until: Operator "almost until" (AU) and its 
bounded version (AUt) are obtained by the previous ones, 
by replacing operator Qt with its relaxed version AGt'- 

(tt' 1= ipAUt -0) = max ({tt^ \= ip) (^ (tt* |= AGj^i ip)) , 

i<3<i-\-t 

(tt' ^ if AU i>) = lim in' ^ if AU tip), 

i— f+oo 

for t > 0. Similarly to U, we can state the following. 

Proposition 14. The semantics of operator AU is well- 
defined. Moreover, for all t gN 



[tt' ^ V) - (^'' hv^^^)< K h^i^ti^) 



(4) 



< (tt* \^ipAUt^) < (it' \=ipAUtP). 
Proof: As for U, we can observe that for all i > 0, 

max{(^^ h ^AUt-i ^), (n' \= AQt-i ^ A A"*^)}. 

The sequence (tt* |= ipAUt'tp)t£N is increasing and the 
semantics of ALl is well-defined. The latter part follows from 
Corollary [11] ■ 

Before considering further relations among operators, note 
that for each class of operators, a different avoiding function 
can be considered. For example, we may prefer to tolerate 
a long delay in evaluating Wt operator, but we accept to 
tolerate only a few number of avoided events in evaluating 
AGt- In this case, we can define two functions, ?7w and rjg, 
such that for all i G N, ?/w(*) > '7e(*)- However, we leave 
this issue for a future investigation. 

As a final remark, notice that the semantics we have cho- 
sen for our operators is arbitrary, and many other variants can 
be proposed. However, the properties above show that our 
choice is reasonable. For example, the "almost " operators 
are more lax than the traditional ones, since their evaluation 
has a greater value, exactly as one would expect. 

V. Reductions and equivalences 

This section prove that, under the assumption that all 
events are crisp, FTL reduces to LTL, and provides a set of 
interesting relations between the operators of FTL. Finally 
we also provide some possible adequate set of connectives, 
from which it is possible to infer all the others. 

Reduction to LTL: We can prove that, in some sense, 
the semantics of FTL extends LTL, as stated in the following 
proposition and theorem. 

Proposition 15. Let p,q & AP such that for all j > i, 
(tt-' ^ p), (tt^ \=q) & {0, 1}, then 

(tt* ^Tp) = l^ n' h Fp, 
(tt' h5p) = l^TT'h Gp, 




Figure 1. Comparison among operators. 



Proof: It follows, through straightforward calculation, 
by applying the boundary value in Table |l] ■ 

Theorem 16. Let for all p e AP and i G N, tt' |= p e 

{0, 1}, and 77(1) — 0. Then FTL reduces to LTL. 

Proof: First notice that, by definition. Soon reduces to 
X, yVt to J^t, AQt and Ct to Qt, and AUt to Uf Then, the 
thesis follows by applying an argument similar to the one 
used in the previous proposition. ■ 

General relations: The relations between some of FTL 
operators are shown in Figure [1] Moreover, as shown in the 
following proposition, their values coincide only in a special 
case. 

Proposition 17. Let ip <E F and i £ N, then (tt* |= Fip) — 
(tt* 1= Qp) if and only if (tt^ |= Lp) is constant for all 
J > i- 

Proof: For the first implication, observe that if (tt^ |= 
if) is constant for all j > i, then for all j,j' > i, (tt^ |= 
Tip) = {tt^ \= Qip) = (tt* ^ p). Conversely, suppose 
h,k > i exist such that (vr'* \^ p) — a < [ii^ |= pi) — b. 
Then from Proposition [T| it follows that: 

(tt* 1= Gp) < niinlTT-' \= p} < a < b 

< min(7r-' \^ p) < (tt* |= J^p). 

m 
Adequate sets: An adequate set of connectives for a 
given logic is a subset of its connectives that is sufficient to 
equivalently express any formula of the logic. For example, 
it is well known that X and U, together with A and ^, form 
an adequate set of connectives for LTL. Clearly, adequate 
sets also depend on the interpretation of the connectives. 
So we denote by FTL(Z), FTL(G), FTL(L), and FTL(n) the 
logics whose semantics is based on Zadeh, Godel-Dummett, 
Lukasiewicz, and Product interpretation, respectively. 

Before finding an adequate sets of connectives for FTL(Z), 
FTL(G), FTL(L), and FTL(n), we need to introduce the 
extra operators 0^, for 1 < j < n^, whose semantics is 

(tt^ 1= Q3ip) = (tt* h ^) ■ VU)- 

Proposition 18. Let p <E F, then in FTL(Z) and FTL(L) 

Gp = ^T^p and Tp) = -^G^p>- 



Table IV 
Adequate sets for FTL(Z), FTL(G), FTL(L), and FTL(n). 



Logic 


Adequate set 


FTL(Z) 
FTL(G) 
FTL(L) 
FTL(n) 


A,-.,A',W,.4i/,0i,...,0"'J-i 
A,=>,A',W,ylW,0l,...,0"'7-i 
A, =>, A", J-, W, .4W, 0i , . . . , 0"'J-l 



Proof: Simply observe that, in the considered logics, 

(fi Alp = ^{^f V ^ip), and (p\/ ip = ~^{^'fi A ^ip). ■ 

Theorem 19. Let {T,pi, . . . ,p„^_i} C AP, with tt* ^ 
T = 1, TT* 1= pj = i](j), for all i (z N, and 1 < J < n^. 
Then FTL(Z), FTL(G), FTL(L), and FTL(Ii) admit a finite 
set of adequate connectives. Some of the possible adequate 
sets are presented in Table 17^ 



Proof: It mainly follows from propositions [5[{T8| and 
from the definition of the operators. Moreover, observe that 
in FTL(Z) and FTL(G), Tip = TU (p wd Qlp = ipUT . 
While F and G are dual in FTL(Z), this does not hold 
in FTL(G), because of the different interpretation of the 
negation. Observe that in Product Logic, V cannot be 
expressed in terms of A, while this is possible in Godel- 
Dummett and Lukasiewicz logics (see 1T61 ). Note that the 



adoption of the adequate sets in Table IV can possibly cause 
a super-exponential blow-up of the length of the formulae. 
For example, formula AGtP, is equivalent in FTL(n) to a 
formula of length 0{3^ -t) that only contains connectives 
A, ^, and X. ■ 

VI. Examples of properties and specifications 

This section illustrates how FTL can be adopted in 
practice to formalize a set of properties of a smart grid. 
Smart grids must maximize the availability of appliances and 
optimize the consumption of energy. Metering data regarding 
the energy consumption are periodically computed and are 
used by the Energy Management System (EMS) to balance 
the work load of the appliances. In particular, the EMS 
sends proper operational control data to the appliances to 
schedule their tasks and tune their functioning in order to 
avoid outages. To this aim, we may need to express some 
statements about the amount of energy consumed and the 
availability of appliances. Furthermore, we may need to 
tolerate a few number of outages or some cases in which 
the appliances are temporarily unavailable. Our example 
defines a set of formulae, under the assumption that the smart 
grid controls a single appliance (A^i). However, provided 
formulae can be easily modified to cover the cases when 
more than one appliance must be controlled. 

The first property, which may be necessary to evaluate, is 
'Wi must be available almost always during the day". Let 
TT be the path of the daily minutes, and consider a (fuzzy) 
predicate a that measures whether the availability of A^i is 



(TTi 1= a) = 



high. More precisely, (tt* |= a) expresses the truth degree of 
proposition "at the i-th minute of the day, the availability of 
Ni is high". Availability is, in general, measured as the time 
difference between the instant when a request is issued and 
the instant when the appliance is active. This time difference 
can be estimated in seconds and this makes reasonable the 
choice of minutes as time granularity. Using this definition 
of availability, we can evaluate predicate a as follows. If Ai 
is the actual time delay of the i-th minute. Mi the mean time 
delay of the i-th minute of the day computed daily over the 
last month, and cr| the variance, let Ai ^ Ai — Mi, then 
m^n{l,^(A, + fcr2)}^ A, > -faf; 

0, otherwise. 

As avoiding function we can choose 77(71) — e^'"/^'') , if 
n < 20, and otherwise. The evaluation of formula GiAAoa 
along TT gives a value corresponding, at most, to the worst 
time difference. Formula ^1^1440 a, instead, can be used 
when we want to tolerate the cases when the availability 
of Ni is fine, except for at most 20 minutes during the 
day. Indeed, if the availability is below the average for 
no more than 4 minutes, then the evaluation of AG 1440 a 
is, at least, e~*^^^/^°-' ^ 0.53, independently from the 
value of the worst minute of the day. Observe that, if we 
consider the mean delay calculated all over the day, we may 
obtain less expressive results, since in case of one big delay, 
the evaluation of the daily availability will dramatically 
decrease. 

We can also consider the crisp propositions d and c. The 
former is satisfied if new metering data are available, while 
the latter is satisfied if an operational control signal is sent by 
the EMS to A^i . If we want to evaluate the property "as soon 
as new metering data are available, a new operational control 
data must be sent by the EMS to A'^i", we can formalize it 
as d => Wic (or by d =^ Soon c, if we do not evaluate the 
formula from the first second), which allows to tolerate small 
delays in the trasmission of operational control data. Instead, 
we cannot tolerate small delays by using LTL, since the same 
proposition would be expressed as d => c or d => Xc. 

Furthermore, let s be a crisp proposition whose evaluation 
is 0, if the appliance is disconnected. Hence, if p is the 
(fuzzy) proposition "the energy consumption is moderate", 
then TT 1= sU 144QP is the truth value of proposition "there 
is no outage in the day until the energy consumption is 
moderate". In case we decide to relax our requirement to 
"the outages of the day are negligible until the energy 
consumption is moderate", we can express this requirement 
as sAUi44op. The choice of operator AlAim^ is suitable 
because AG1440 s allows us to neglect a few number of 
outages of the appliance during the day. 

Finally, the choice of a specific interpretation for the 
connectives is highly important to get more precise results, 
although all the inequalities we proved are still valid in- 
dependently of the interpretation. If we consider formula 



AGi44o s ("the daily number of outages is negligible"), then 
for the evaluation of formula AG ia4o sVX^'^*'^ AG i44q s it is 
quite natural to choose the Zadeh or Godel-Dummett inter- 
pretation, instead of the Lukasiewicz interpretation (namely, 
the truncated sum of their evaluations). As a matter of fact, 
the predicates of this formula do not "saturate", i.e., a long 
sequence of days with many outages cannot be equivalent 
to a day with no outages. Still, the Lukasiewicz interpreta- 
tion defines a substructural logic in which idempotency of 
entailment fails, and can be useful once we are interested in 
put emphasis on resource-boundedness. 

VII. Conclusions 

This paper introduces FTL, a fuzzy-time temporal logic 
to express vagueness on time. The semantics of the temporal 
operators provided by FTL is highly flexible, since it allows 
us to select a particular interpretation for the connectives, 
which best suits the kind of property to be formalized. We 
prove that FTL extends LTL, since, under the assumption 
that all events are crisp, FTL reduces to LTL. We show 
that the temporal operators introduced by our logic respect 
a set of interesting relations, and we also identify adequate 
sets of connectives. As future work, we are investigating a 
verification technique f23 1 for checking the truth degree of 
the FTL formulae on an automata-based model of the sys- 
tem under analysis. This technique modifies the traditional 
reachability analysis, according to the peculiarities of the 
FTL language. Moreover, considering that FTL is particulary 
suitable for describing requirements of active system, in 
which vagueness is often embedded with uncertainty, we 
are planning to investigate the relationship between FTL and 
probabilistic languages. 
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